PowerShell script for multiple group memberlist and managedby

Hello

I have a PowerShell script I have working fine but I have to send an automatic email by a task scheduler via 2008 server to all managedby (owner of group) for several different groups with a text of each memberlist. In my $messagebody1 I would like to add the group name of each group that corresponds to each $messagesubject.

Example: When I run the script it will send an email to the managedby (owner) with the memberlist listed in a text in the email. I have listed the script below and an email example. Please read the second line in the $messagebody1 that starts with "The following users listed".

#GroupOwnerEmail.ps1
#Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

$smtpServer = ""

$smtpFrom = ""

$messagebody1 = "This message is notice for the quarterly group membership attestation required by our Policies.
The following users listed below are members of the ($group) group, which provides privileged access to AIX servers.
You are listed as the Custodian of this group. Please verify these users should retain this access.

If any users should be removed, please submit a Service Now Revoke Access request.

Please reply to this email, affirming that you have reviewed the access to this group.
If you are no longer the custodian, please reply stating so.
If known, please also provide the name of the person now managing this group’s members

Thank you"

$groups = Get-Content c:\temp\adgroups.txt

[string]$messagebody = ""

foreach ($group in $groups)
{

$group = Get-QADGroup $group

$ManagedBy = (Get-QADUser $Group.ManagedBy).Email

$smtpTo = $managedby

$messagebody2 = Get-QADGroupMember $group | % {

"`r`n`r`n"
"$($_.NTaccountName.ToString())", " ", "$($_.DisplayName.ToString())", " ", "$($_.Email.ToString())"

}

$smtp = New-Object Net.Mail.SmtpClient($smtpServer)

$messageSubject = "Action Required - Review Members List For group " + " $Group - 4th Quarter"

$smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody1 + $messagebody2)

}

Here is the email that’s generated:

-----Original Message-----
From: MyEmail
Sent: Monday, October 14, 2013 9:38 AM
To: MyEmail

Subject: Action Required - Review Members List For Group (GroupName works fine) - 4th Quarter

This message is notice for the quarterly group membership attestation required by our Policies.

The following users are members of the (GroupName) group, which provides privileged access to AIX servers.

You are listed as the Custodian of this group. Please verify these users should retain this access.

If any users should be removed, please submit a Service Now Revoke Access request.

Please reply to this email, affirming that you have reviewed the access to this group.

If you are no longer the custodian, please reply stating so.

If known, please also provide the name of the person now managing this group’s members

Thank you

Userid John Bob1 jbob1@mydomain.com

Userid John Bob2 jbob2@mydomain.com

Userid John Bob3 jbob3@mydomain.com

Userid John Bob4 jbob4@mydomain.com

I have four different groups with four different managedby to receive individual emails with their group listed in the $messagebody1. The subject is working correctly - it will list the different group names per a text file - $groups = Get-Content c:\temp\adgroups.txt.

Thank you

The simplest way would be to split $messagebody1

#GroupOwnerEmail.ps1
#Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

$smtpServer = ""

$smtpFrom = ""

$messagebody1 = "

If any users should be removed, please submit a Service Now Revoke Access request.

Please reply to this email, affirming that you have reviewed the access to this group.
If you are no longer the custodian, please reply stating so.
If known, please also provide the name of the person now managing this group’s members

Thank you"

$groups = Get-Content c:\temp\adgroups.txt

[string]$messagebody = ""

foreach ($group in $groups)
{

$messagebody0 = "This message is notice for the quarterly group membership attestation required by our Policies.
The following users listed below are members of the ($group) group, which provides privileged access to AIX servers.
You are listed as the Custodian of this group. Please verify these users should retain this access."

$group = Get-QADGroup $group

$ManagedBy = (Get-QADUser $Group.ManagedBy).Email

$smtpTo = $managedby

$messagebody2 = Get-QADGroupMember $group | % {

"`r`n`r`n"
"$($_.NTaccountName.ToString())", " ", "$($_.DisplayName.ToString())", " ", "$($_.Email.ToString())"

}

$smtp = New-Object Net.Mail.SmtpClient($smtpServer)

$messageSubject = "Action Required - Review Members List For group " + " $Group - 4th Quarter"

$smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody0 + $messagebody1 + $messagebody2)

}

I don’t have a system I can test this on but think it should work

I would also avoid reusing $group - you had

foreach ($group in $groups)
{

$group = Get-QADGroup $group

When you come back to this script it could get confusing using $group in 2 different ways
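
The split works because a double-quoted PowerShell string expands its variables at the moment it is assigned, so $group has to hold a value when the text is built. An added example, not code from the thread: it keeps one template, fills it per group, and reports groups that have no owner address instead of mailing a blank recipient. The in-memory $directory data, the function name New-AttestationMail and all group names and addresses are constructed stand-ins for the Quest AD lookups.

```powershell
# Constructed sample data standing in for Get-QADGroup / Get-QADGroupMember results.
$directory = @{
    'aix-admins' = @{ OwnerEmail = 'owner1@example.com'
                      Members = @(@{ Id = 'DOM\jbob1'; Name = 'John Bob1'; Email = 'jbob1@example.com' },
                                  @{ Id = 'DOM\svc-backup'; Name = 'Backup Service'; Email = $null }) }
    'aix-dba'    = @{ OwnerEmail = $null; Members = @() }   # group with no usable ManagedBy
}

# Why the original failed: a double-quoted string is expanded when it is assigned.
$group = $null
$early = "members of the ($group) group"   # $group is empty here, so the text is fixed as "()"

# Single-quoted template: nothing expands until -f fills the placeholders inside the loop.
$template = 'The following users are members of the ({0}) group.{1}{1}{2}'

function New-AttestationMail {
    param([string[]]$GroupNames, [hashtable]$Directory)
    foreach ($groupName in $GroupNames) {        # the name read from the list file
        $groupInfo = $Directory[$groupName]      # the looked-up object, kept in its own variable
        if (-not $groupInfo -or -not $groupInfo.OwnerEmail) {
            # No owner to attest: report it instead of sending to an empty address.
            New-Object PSObject -Property @{ Group = $groupName; To = $null; Body = $null; Status = 'NoOwner' }
            continue
        }
        $lines = foreach ($m in $groupInfo.Members) {
            $mail = if ($m.Email) { $m.Email } else { '(no email)' }   # tolerate a null attribute
            '{0}  {1}  {2}' -f $m.Id, $m.Name, $mail
        }
        $body = $template -f $groupName, "`r`n", ($lines -join "`r`n")
        New-Object PSObject -Property @{ Group = $groupName; To = $groupInfo.OwnerEmail; Body = $body; Status = 'Ready' }
    }
}

$mails = New-AttestationMail -GroupNames 'aix-admins', 'aix-dba' -Directory $directory
$mails | Where-Object { $_.Status -eq 'Ready' }   | ForEach-Object { $_.Body }
$mails | Where-Object { $_.Status -eq 'NoOwner' } | ForEach-Object { "No owner for $($_.Group): escalate manually" }
```

For a privileged-access attestation, the NoOwner rows are the ones to follow up on, since a group without a reachable custodian is a group nobody is reviewing.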

Nothing happened when running the script. I am confused now.

Thank you for the help

Can you post the code you are using?

#GroupOwnerEmail.ps1
#Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

$smtpServer = ""

$smtpFrom = ""

$messagebody1 = "This message is notice for the quarterly group membership attestation required by our Policies.
The following users listed below are members of the $group group, which provides privileged access to AIX servers.
You are listed as the Custodian of this group. Please verify these users should retain this access.

If any users should be removed, please submit a Service Now Revoke Access request.

Please reply to this email, affirming that you have reviewed the access to this group.
If you are no longer the custodian, please reply stating so.
If known, please also provide the name of the person now managing this group’s members

Thank you"

$groups = Get-Content c:\temp\adgroups.txt

[string]$messagebody = ""

foreach ($group in $groups)
{

$group = Get-QADGroup $group

$ManagedBy = (Get-QADUser $Group.ManagedBy).Email

$smtpTo = $managedby

$messagebody2 = Get-QADGroupMember $group | % {

"`r`n`r`n"
"$($_.NTaccountName.ToString())", " ", "$($_.DisplayName.ToString())", " ", "$($_.Email.ToString())"

}

$smtp = New-Object Net.Mail.SmtpClient($smtpServer)

$messageSubject = "Action Required - Review Members List For group " + " $Group - 4th Quarter"

$smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody1 + $messagebody2)

}

That’s not what I posted.

The code I posted was this:

#GroupOwnerEmail.ps1
#Purpose: Pull AD groups from grouplist, get member attributes and smtp mail to group owner for review

$smtpServer = ""

$smtpFrom = ""

$messagebody1 = "

If any users should be removed, please submit a Service Now Revoke Access request.

Please reply to this email, affirming that you have reviewed the access to this group.
If you are no longer the custodian, please reply stating so.
If known, please also provide the name of the person now managing this group’s members

Thank you"

$groups = Get-Content c:\temp\adgroups.txt

[string]$messagebody = ""

foreach ($group in $groups)
{

$messagebody0 = "This message is notice for the quarterly group membership attestation required by our Policies.
The following users listed below are members of the ($group) group, which provides privileged access to AIX servers.
You are listed as the Custodian of this group. Please verify these users should retain this access."

$group = Get-QADGroup $group

$ManagedBy = (Get-QADUser $Group.ManagedBy).Email

$smtpTo = $managedby

$messagebody2 = Get-QADGroupMember $group | % {

"`r`n`r`n"
"$($_.NTaccountName.ToString())", " ", "$($_.DisplayName.ToString())", " ", "$($_.Email.ToString())"

}

$smtp = New-Object Net.Mail.SmtpClient($smtpServer)

$messageSubject = "Action Required - Review Members List For group " + " $Group - 4th Quarter"

$smtp.Send($smtpFrom,$smtpTo,$messagesubject,$messagebody0 + $messagebody1 + $messagebody2)

}

I apologize, I don’t know how I pasted my script in there. Your script works man. I really do appreciate the help. I am new to writing PowerShell scripts but not new to PowerShell. I haven’t written a PowerShell script of that magnitude. Lol, I can run a PowerShell cmdlet and generate data but I will say that I am loving the opportunity to write these scripts. I have another one I have to create for user accounts' last password change by time and date stamp for over 50,000 users.

Again, thank you for the help.

This is what I got for the password date and time stamp!

Function Get-XADUserPasswordExpirationDate() {

Param (
	[Parameter(Mandatory=$true,  Position=0,  ValueFromPipeline=$true, HelpMessage="Identity of the Account")]
	[Object] $accountObj
)

PROCESS {
    If ($accountObj.PasswordExpired) 
	{	Return "Expired"
    } 
	Else 
	{	If ($accountObj.PasswordNeverExpires) 
		{	Return "Password set to never expire"
        } 
		Else 
		{	$passwordSetDate = $accountObj.PasswordLastSet
            If ($passwordSetDate -eq $null) 
			{	Return "Password has never been set"
            }  
			Else 
			{	$maxPasswordAgeTimeSpan = $null
                $dfl = (get-addomain).DomainMode
                If ($dfl -ge 3) 
				{	## Greater than Windows2008 domain functional level
                    $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj
                    If ($accountFGPP -ne $null) 
					{	$maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
                    } 
					Else 
					{	$maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
                    }
                } 
				Else 
				{	$maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
                }
                If ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -eq 0) 
				{	Return "MaxPasswordAge is not set for the domain or is set to zero!"
                } 
				Else 
				{	Return ($passwordSetDate + $maxPasswordAgeTimeSpan)
                }
            }
        }
    }
}

}

cls
$Result = @()
$Users = Get-ADUser -Filter * -Properties GivenName,sn,PasswordExpired,PasswordLastSet,PasswordneverExpires
ForEach ($User in $Users)
{
    $Result += New-Object PSObject -Property @{
        'Last Name' = $User.sn
        'First Name' = $User.GivenName
        UserName = $User.SamAccountName
        Expiration = $($User | Get-XADUserPasswordExpirationDate)
    }
}
$Result = $Result | Select 'Last Name','First Name',UserName,Expiration | Sort 'Last Name'

#Produce a CSV
$Result | Export-Csv c:\temp\passwordexpirationdate.csv

#Send HTML Email
$Header = @"
<style>
TABLE {border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse;}
TD {border-width: 1px;padding: 3px;border-style: solid;border-color: black;}
</style>
"@
$splat = @{
    From = ""
    To = ""
    SMTPServer = ""
    Subject = "Password Expiration Report"
}
$Body = $Result | ConvertTo-Html -Head $Header | Out-String
# Attach the CSV written by Export-Csv above ($Path was never defined)
Send-MailMessage @splat -Body $Body -BodyAsHTML -Attachments c:\temp\passwordexpirationdate.csv